Hi there - Is there a way to scan my entire network and see if the following security group is being used by a service/application or others? The goal I'm trying to achieve here is find those security groups that are no longer being utilized and remove them permanently. Please advise. Cheers, DB

doing a scan is nearly impossible. The easiest way to accomblish this is to record the member of the group, then remove all members. Run for a month or two like that, then if no errors are reported you can safely (within reason) remove the group. Because the group could be embedded into any application, NTFS file structure, or AD permissions, doing a scan requires specific knowledge of all of those things, and is only as good as the person doing it. You should implement a resource security model, and use specific groups for particular resources. That will help pervent these issues, then you never have to do a scan again, you know excatly that is protected by each group based on its name. The Golden Rules of Permissions Administration http://networkadminkb.com/Shared%20Documents/The%20Golden%20Rules%20of%20Permissions%20Administration.aspx Axioms of Permissions Administration http://networkadminkb.com/Shared%20Documents/Axioms%20of%20Permissions%20Administration.aspx